Could you post the rest of that JavaScript on pastebin, then post the pastebin link here?
I just tried de-obfuscating the JavaScript, but you only included part of it - most, including the payload, is missing.
Thanks!
I went to the Editor in my blog and chose header.php, as that's where he said it would be found. I scrolled down to look for the coding, as yes, I noticed it was only partially given (good move though! without the whole thing posted here, nobody could take it and begin to try and play nasty games with somebody else's site!)
YOU CAN'T MISS IT. It was about 1/3 of the way down the file, and the coding is SO blatantly apparent from all normal coding. Take it from the < script> to the </ script> and just zap it out. FIRST, I did a select-all, and copied the entire header.php to Notepad, just in case. But delete that coding, hit save.
You may find that it screws with AdSense (and perhaps other things, but frankly I didn't look... AdSense is just so apparent, it was the first thing I noticed, being 'altered' - but upgrading to WP 2.9.1 fixed it all)
Make your backup copy, and zap that coding. You sure don't want to leave it there. PC, WP, just parts and pieces; they don't bite!
Good luck
Leanne
my blog:
http://www.1webdiva.com/blog/